DNS over HTTPS encrypts DNS traffic to increase security and privacy. Here is how to turn on DNS over HTTPS in Windows 11 in simple steps.
Microsoft has been pushing for DNS over HTTPS for a long time now. It would’ve been a significant feature on Windows 10 if not for Windows 11. Thankfully, Windows 11 is right around the corner, and it comes with the DNS over HTTPS feature. All you have to do is turn it on and configure it to use the supported DNS provider.
In this quick and straightforward Windows 11 guide, let me show you how to turn on DNS over HTTPS in Windows 11 and configure it.
What is DNS over HTTPS?
Before getting to the DNS over HTTPS (DoH), we first need to know what DNS means.
In simple terms, DNS (Domain Name System) translates human-readable website addresses to their respective IP addresses. For example, if you try to open a website like bing.com or google.com, a DNS server will take that domain name and translate it to its respective IP addresses. This is called a DNS query. You can think of DNS as a phonebook. Without a DNS server, you would have to remember the literal IP addresses of each website. As you can guess, that would not be good. This is a very simplified overview of what DNS is. If you are interested, read this Cloudflare blog post to learn about DNS in detail.
DNS queries are generally unencrypted. That means anyone who is monitoring your network packets can easily find out which websites you are visiting. This is true even if the website is using HTTPS protection. In addition to this, unencrypted DNS queries are also susceptible to Man-in-the-Middle attacks. In these attacks, the attacker changes the DNS answers and redirects unsuspecting users to malicious websites.
When the DNS over HTTPS feature is turned on, all the DNS queries are encrypted. This makes sure that anyone monitoring your network packets cannot see the actual websites you are visiting and makes Man-in-the-Middle attacks almost impossible.
For DNS over HTTPS to work, both endpoints, i.e., the operating system/application and the DNS server itself, should support it. Thankfully, the Windows 11 OS and most major DNS services like Cloudflare and Google Public DNS support DNS over HTTPS. So, you can happily use DNS over HTTPS in Windows 11.
Turn on DNS over HTTPS in Windows 11
To enable the DNS over HTTPS feature in Windows 11, follow the steps below.
First, make sure you are connected to a network. Next, press the “Windows key + I” shortcut to open the Settings app. In the Settings app, select “Network & Internet” on the sidebar and then click on the “Properties” option under the main heading.
Now, click the “Edit” button next to the “DNS Server Assignment” option. This is how you turn on and set up the DNS over HTTPS feature.
Select “Manual” from the first dropdown menu. After that, turn on the “IPv4” option. Next, type one of the IP addresses below in the “Preferred DNS” field. I recommend you use Cloudflare DNS.
- Cloudflare DNS — 1.1.1.1
- Google Public DNS — 8.8.8.8
- Quad9 — 9.9.9.9
Select the “Encrypted only (DNS over HTTPS)” option from the “Preferred DNS encryption” dropdown menu.
Next, type one of the IP addresses below in the “Alternate DNS” field. I recommend you use the same DNS service that you used in the Preferred DNS field. For example, since I used Cloudflare DNS (1.1.1.1) as the preferred DNS, I’m using 1.0.0.1 as the Alternate DNS.
- Cloudflare DNS — 1.0.0.1
- Google Public DNS — 8.8.4.4
- Quad9 — 149.112.112.112
After that, select the “Encrypted only (DNS over HTTPS)” option from the “Alternate DNS encryption” dropdown menu.
Finally, click the “Save” button to apply the DNS over HTTPS settings. To make sure all the changes are applied to the operating system, restart the computer, and you are good to go.
From now on, any DNS query made from your computer will be encrypted. You can verify that by going to this page. If the DNS over HTTPS feature is working as intended, you will see “Yes” next to the “Using DNS over HTTPS (DoH)” heading.
If you are using IPv6, I recommend you set up the IPv6 DNS in the same way as IPv4 DNS. Below are the IPv6 DNS addresses, both preferred & alternate addresses, you can use to configure DoH.
- Cloudflare — 2606:4700:4700::1111 & 2606:4700:4700::1001
- Google Public DNS — 2001:4860:4860::8888 & 2001:4860:4860::8844
- Quad9 — 2620:fe::fe & 2620:fe::fe:9
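As a local complement to the verification page mentioned above, the PowerShell audit below (an added example, not part of the original guide) lists every DNS server configured on every adapter and checks it against the table of resolvers Windows 11 holds a DoH template for. It assumes you chose the Cloudflare addresses; edit `$expected` otherwise. It does not read the per-adapter "Encrypted only" setting, so treat it as a check for leftover plaintext resolvers (for example on a second adapter), not as proof of encryption.

```powershell
# Added example: find adapters whose DNS servers Windows cannot reach over DoH.
# Requires Windows 11; the DoH cmdlets do not exist on older builds.

# Assumption: the Cloudflare addresses from the lists above were configured.
$expected = @('1.1.1.1', '1.0.0.1',
              '2606:4700:4700::1111', '2606:4700:4700::1001')

# Windows keeps a table of resolvers for which it knows a DoH URI template.
$dohTable = @{}
Get-DnsClientDohServerAddress | ForEach-Object {
    $dohTable[$_.ServerAddress] = $_
}

# Walk every adapter (IPv4 and IPv6) and every DNS server set on it.
$report = foreach ($nic in Get-DnsClientServerAddress) {
    foreach ($server in $nic.ServerAddresses) {
        $entry = $dohTable[$server]
        [pscustomobject]@{
            Interface     = $nic.InterfaceAlias
            Server        = $server
            Expected      = $expected -contains $server
            HasTemplate   = [bool]$entry
            DohTemplate   = if ($entry) { $entry.DohTemplate } else { '' }
            FallbackToUdp = if ($entry) { $entry.AllowFallbackToUdp } else { $null }
        }
    }
}

$report | Format-Table -AutoSize

# A server is a problem if it is not one you chose, or if Windows has no
# DoH template for it (queries to it can only go out as plaintext DNS).
$problems = $report | Where-Object { -not $_.Expected -or -not $_.HasTemplate }

if ($problems) {
    Write-Warning 'These adapters still point at unexpected or plaintext-only resolvers:'
    $problems | Format-Table Interface, Server, HasTemplate -AutoSize
} else {
    'Every configured DNS server is an expected resolver with a DoH template.'
}
```

Adapters that get their DNS from DHCP, such as a VPN or a second Wi-Fi profile, usually show up here with the router's address and no template.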
That is all. It is that simple to enable or turn on DNS over HTTPS in Windows 11. In case you are wondering, you can use any DNS service that supports DoH. Think of the above three as recommendations, nothing more.
I hope that helps.
If you are stuck or need some help, comment below, and I will try to help as much as possible.